A Kurdish hacker codenamed “MuhmadEmad” from the hacktivist group “KurdLinux_Team” has managed to gain unauthorized access to Dell’s official website subdomains and left them defaced. At the time of publishing this news article, the website remained hacked.
The hackers left a deface page on Dell’s official website with the following message on the index page:
HaCkeD By MuhmadEmad
Long Live to
{Peshmerga && kurd && Kurdistan}
KurdLinux_Team
c0ntact
kurdlinux007@gmail.com
Death to { ISIS + TURKEY }
It is not entirely clear why the hackers targeted Dell’s websites and servers. However, according to the page uploaded by the hackers, it appears that the hacktivist group is strongly opposed to “Turkey” and “ISIS”.
What caused the Dell website/server to be hacked?
We can’t yet tell exactly how the hackers managed to gain access to Dell’s servers and websites. However, it appears that the hacked subdomains were running an open source CMS called “Drupal”. Therefore, there could have been a vulnerability in the websites’ CMS because Dell was using an old version of the script, or the compromise could have been due to admins using weak passwords.
Earlier, there had been an SQL injection exploit for the Drupal CMS version 7.32. The exploit allowed hackers to inject into the website’s database and retrieve the admins’ hashed/encrypted passwords, which would then be cracked to gain access to the website admin control panel, allowing hackers to do anything with the website. This exploit could have been used on Dell’s websites, leading to the defacement.
MuhmadEmad also recorded his defacement of Dell’s website and uploaded a video to YouTube.
The subdomains that had been defaced are:
- eir.dell.com (http://eir.dell.com/sites/default/files/index.php)
- eir.dell.fr
- eir.dell.ie
- eir.dell.co.uk
- eir.dell.nl
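The first defaced URL above is a PHP file inside `sites/default/files`, Drupal's default public upload directory, where no script should ever be served. The following detection sketch is an added example, not part of the original article; it assumes Apache combined-format access logs, and the sample log lines, IP addresses and the `sites/example.org` multisite path are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Apache combined format), not from the incident.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2000:10:01:12 +0000] "GET /sites/default/files/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2000:10:02:40 +0000] "GET /sites/default/files/index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2000:10:03:02 +0000] "POST /sites/default/files/styles/x.PHP?a=1 HTTP/1.1" 403 199 "-" "curl/7.50"
198.51.100.7 - - [01/Jan/2000:10:03:30 +0000] "GET /index.php?q=node/1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.8 - - [01/Jan/2000:10:04:00 +0000] "GET /sites/example.org/files/%69ndex.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# Client IP, method, request target and status code of one log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Script extensions that should never be requested below a Drupal files directory.
SCRIPT_RE = re.compile(r'^/sites/[^/]+/files/.*\.(php\d?|phtml|phar)$', re.IGNORECASE)


def find_upload_dir_script_hits(log_text):
    """Return requests for script files under /sites/<site>/files/."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        # Drop the query string, decode %xx escapes and collapse "../" segments
        # so that encoded or padded paths are matched as well.
        path = posixpath.normpath(unquote(urlsplit(target).path))
        if SCRIPT_RE.match(path):
            hits.append({
                "ip": ip,
                "method": method,
                "path": path,
                "status": int(status),
                # A 2xx answer means the server actually served the script.
                "served": status.startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_upload_dir_script_hits(SAMPLE_LOG):
        flag = "SERVED" if hit["served"] else "blocked"
        print(f'{flag:7} {hit["status"]} {hit["method"]:4} {hit["path"]} from {hit["ip"]}')
```

Any hit marked as served is worth investigating, since it means a script in the upload directory was reachable through the web server.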
MuhmadEmad also saved his defacement on Zone-H archives, which saves a copy of the website’s source code at the time of the defacement.
- http://www.zone-h.org/mirror/id/26313750
- http://www.zone-h.org/mirror/id/26376566
- http://www.zone-h.org/mirror/id/26376565
- http://www.zone-h.org/mirror/id/26376564
- http://www.zone-h.org/mirror/id/26376563
Since Dell is a big company that sells computers and servers around the world, this hack surely raises a big question over the poor security of Dell’s websites and servers. However, this isn’t the first time Dell’s website has been hacked. According to Zone-H records, the same subdomains were defaced back in 2015 by a hacktivist named “Moh Ooasiic”.
Update: The website subdomains have remained defaced for over 24 hours and have still not been restored. We believe Dell still has no idea that their subdomains are hacked, although we are not sure whether that is due to the weekend, when offices remain closed.
Update: Dell appears to have taken the hacked server down. Therefore, the subdomains remain inaccessible.
We will update this news article as soon as we receive more updates about the Dell website being hacked.